General

  • Target

    ab34dad9a255538b46b5c06a9d99d3324a6f204b3f09ff376378580f45f63adb

  • Size

    1MB

  • Sample

    220302-cj475adgfn

  • MD5

    a121d39d7907071cb07215d25364b798

  • SHA1

    f189ab1ab8a4083c5e37b7a06f33e271dd9c4a59

  • SHA256

    ab34dad9a255538b46b5c06a9d99d3324a6f204b3f09ff376378580f45f63adb

  • SHA512

    e4db45f6baa1ac14b85bc8879373f4bdbc966184ea3b5f6e457cc26781d0e1230d83727d4046750817e86853a779961cccedb2cb9a6f67ebfe374804237fbdcb

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Tactic            Technique                              Matches  ID
Persistence       Registry Run Keys / Startup Folder     1        T1060
Defense Evasion   Modify Registry                        1        T1112
Discovery         System Information Discovery           1        T1082

Tasks